4/10/2021

Cybersecurity audit also addresses OT risks

Cybersecurity has been high on the agenda in recent years, especially among companies and organizations. At the IT level, the leaks have usually already been plugged, but when it comes to OT infrastructure, the risks are still too often underestimated. Yet the continuity of business processes and the protection of personal information are crucial. A cybersecurity audit can reveal the areas for improvement.

Over the last 10 years, in the field of cybersecurity in buildings, much attention has been paid to the pure IT infrastructure such as computers and printers. OT (operational technology), however, is still too often neglected. Meanwhile, the use of network-connected cameras, access control, fire detection and building management systems for cooling and heating, among others, has increased dramatically. This makes OT infrastructure vulnerable to misuse.

A lot of building managers or users are unaware of the potential risks of poor OT protection. For example, access control software contains personal data subject to the GDPR. A poorly secured camera system allows hackers to look around your building. This not only violates the privacy of those who walk around in it, but can also lead to physical break-ins and theft. Hacking the cooling or heating systems can cause a production facility to shut down. And these are just a few examples.

Action is taken not only at the technical level but also at the organizational level. This is done according to the principle of Organizational Physical Electronic Notification Measures (OFEM). That OFEM principle can be applied in both the physical and virtual world.

Cybersecurity audit

Together with NVISO Belgium, Ingenium performs cybersecurity audits at companies and organizations. We combine NVISO's expertise on the IT side with our technical knowledge on the OT side. An audit starts with a number of workshops with the client to get to know the building and its technical installations better. Extra attention is paid to the critical installations, whose risk of failure will be tested.

Mapping will include:

  • How the network is constructed and managed
  • What information is easy to obtain and what information can be considered critical
  • Which rooms with technical equipment are accessible without authorization
  • What the login procedures are
  • Which data points (for phone or Internet, for example) are easily accessible
  • Which software applications should be tested to verify that the data is properly protected

Internal and remote

Tests are not performed only inside the building itself. With remote access testing, we see whether technical installations can also be taken over remotely. Among other things, it is important to know:

  • Which technical installations are accessible from outside for maintenance by external partners
  • Whether authentication is done with fixed passwords or with multifactor authentication.

Possible pain points

The potential pain points encountered in recent office buildings during a cybersecurity audit are:

  • The lack of malware detection and of a firewall that acts as a good "referee" for the data flows of the technical installations
  • Technical systems are not secured and freely accessible over the network
  • No watertight password policy, which means one can never find out afterwards exactly who performed which action
  • Personal data that is easy to find
  • Technical rooms that are physically accessible to everyone
  • No use of encryption
  • Lack of security patches
  • No proper backup and restore policy
  • Login procedure for "remote access" (logging in from outside the corporate network) is often inadequate

Adaptation and retesting

So the problems were in the areas of hardware, software and network construction. Many of the listed security risks were not located outside but inside the building itself. After the audit, in consultation with the customer, we looked at which issues needed to be eliminated and which could be considered an acceptable risk. This is based on risk versus cost. When the necessary adjustments are made, a new test follows to see if the desired result is actually achieved.

The audit in this example clearly showed that numerous risks were present. The growing number of IP devices in the OT world means that extra attention is needed to build the networks in a secure manner.

Could your company or organization also use a cybersecurity audit? Our expert Tim Opsomer would be happy to explain: tim.opsomer@ingenium.be.
